The Spamhaus Block List (SBL) is a database of IP address ranges that are involved in distributing unsolicited emails.

The list can be queried in real-time by mailservers, allowing mail server administrators to identify, block, or tag incoming mail from SBL-listed IP addresses.

SBL includes IP addresses of devices that have been observed to be sending spam; that are hosting botnet C&C servers; URIs of compromised websites; IP addresses involved in email appending services; and domains and services that are advertised within spam emails.

This list can be used as both a sender IP blocklist and a URI blocklist, to help protect your mailstreams from spam and botnet malware.

Senders whose IP addresses have been listed in the SBL will receive a bounceback message, allowing them to check the email addresses of recipients, or correct any other sending issues.

There are several components to the SBL with two large sections being:

A list that is manually maintained by a dedicated team of Spamhaus researchers

An automated Composite Snowshoe listing mechanism (CCS), which lists individual IP addresses involved in sending low reputation email. CSS is designed to help you to block email sent from static spam emitters, such as snowshoe operations and compromised hosts. Listing on the Spamhaus CSS results from multiple events and heuristics and is based on a range of inputs.

Since February 2016, SBL has contained IPv6 data to help block Snowshoe spam.

The SBL contains data that is also made available as separate lists:

The Botnet Controller List (BCL) consists of single IPv4 addresses of command and control servers that are being used by cybercriminals to control infected computers. BCL does not contain any subsets, or CIDR prefixes larger than /32. All IP addresses included in BCL are also linked to an SBL listing that provides information on why that specific IP was listed.

Do not Route Or Peer (DROP) and extended Do not Route Or Peer (eDROP) lists. These are advisory, “drop all traffic” lists, consisting of netblocks of IP addresses that have been hijacked or leased by professional spammers or cybercrime operations and which are being used for the dissemination of malware, trojan downloaders, or other malicious activities.

SBL makes up part of the Spamhaus ZEN composite blocklist, comprising SBL, XBL and PBL.